Privacy Policy

Effective date: March 14, 2026 | Last updated: March 14, 2026

Your privacy is important to us. At Unspend, we are careful about what data we collect, request the minimum access needed to run the product, keep information only as long as necessary, and aim to be clear about how personal information is collected, used, and shared.

This policy explains what we collect, why we collect it, how we use it, and the choices you have.

Who We Are and What This Policy Covers

Unspend connects to your email inbox (Gmail or Microsoft) and uses AI to identify invoice PDFs, then extracts invoice details so you can manage them inside Unspend (the "Services").

This policy applies to information we collect when you use the Services, including connecting an email account and contacting support.

Information We Collect

We collect information only when needed to provide, secure, and improve the Services.

We collect data in three ways:

Information you provide directly
Information collected automatically
Information received from connected third parties

Information You Provide to Us

Account information

Email address
Name and company name (if provided)
Login and security details needed to run your account

Billing information (if paid plans apply)

Billing contact details
Subscription status and invoices/receipts for payment

Payment card details are typically handled by payment processors and not stored directly by Unspend.

Communications

Messages and attachments you send to support
Replies and support notes

Information We Access From Your Email Inbox (With Your Permission)

Unspend uses OAuth to connect to Gmail or Microsoft. We do not ask for your email password. We request the minimum permissions needed for core features.

Google permissions we request

Google Sign-In: openid, email, and profile to authenticate your account
Gmail connection: https://www.googleapis.com/auth/gmail.readonly to read emails for invoice extraction

What we access

Email metadata (sender, recipient, date/time, subject)
Email content (only as needed to detect invoices)
Attachments (invoice PDFs)

Invoice files and extracted data storage

To provide invoice management features, Unspend stores invoice documents in secure object storage (either the original PDF attachment or a PDF generated from email HTML) and stores extracted invoice fields in our database.

When you unlink Gmail from Unspend, we revoke the Google OAuth token and stop future Gmail access.

We do not use inbox data for advertising.

Unspend's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Reference: Google API Services User Data Policy and Microsoft API terms require least-privilege access and safeguards.

Information We Collect Automatically

Log data (IP, browser/device type, timestamps)
Usage data (features used, clicks, errors, performance metrics)
Approximate location inferred from IP address
Cookies/similar technologies for sessions, security, and basic analytics

How and Why We Use Information

Provide the Services: account setup, inbox connection, extraction, and in-app display
Maintain security and reliability: abuse prevention and troubleshooting
Improve the Services: performance, bug fixes, extraction quality
Communicate with you: support, billing, security, and product notices

AI Processing

Unspend uses automated processing (including AI) to detect invoice emails/PDFs and extract structured fields.

If third-party providers are used (e.g. infrastructure/model providers), they act as service providers and process data only to deliver Unspend Services. We do not permit these providers to use Google user data to train generalized AI/ML models.

Human review of inbox-derived data is limited to support, security incident response, and abuse prevention.

Sharing Information

We share data only in limited circumstances:

Service providers helping us operate Unspend (hosting, monitoring, support, payments)
Legal/safety obligations where disclosure is reasonably necessary
Business transfers (e.g. merger, acquisition, asset sale)
With your direction (for example, when exporting data)
Aggregated/de-identified statistics that do not identify you

How Long We Keep Information

Stored invoice documents and extracted invoice data: retained while your account is active and for a reasonable period thereafter where needed for security, legal, and operational purposes. We process deletion requests in accordance with applicable law and our internal retention practices.
Gmail connection tokens: kept while connected; revoked on unlink and removed from active use
Operational logs: retained for limited periods needed for security, fraud prevention, and reliability

Backup deletion may take additional time due to rotation schedules.

Security

Encryption in transit (TLS)
Access controls (least privilege)
Monitoring and logging
Secure key/token storage practices

Your Choices

Disconnect Gmail/Microsoft access in Unspend
Revoke access in Google/Microsoft account settings
Request deletion of extracted invoice data
Close your account
Opt out of marketing emails (service-critical emails still apply)

Your Rights

Depending on location, you may have rights to:

Access, correct, or delete your personal information
Object to or restrict certain processing
Receive a portable copy of your data

To exercise rights, contact us at [email protected]. We may verify account ownership first.

International Data Transfers

Information may be processed in countries different from where you live. Where required, Unspend uses contractual and technical safeguards for cross-border transfers.

Changes to This Policy

We may update this policy from time to time. The "Last updated" date indicates the latest revision. If changes are material, we will take reasonable steps to notify you (for example, by email or in-app notice).

How to Reach Us

Email: [email protected]

Organized teams manage their subscriptions.
Plug the gaps now.